The spt project is a small step toward securing the mind as opposed to securing computers. Millions are spent safeguarding information systems, but under trained and susceptible minds then operate them. A simple, targeted link is all it takes to bypass the most advanced security protections. The link is clicked, the deed is done.

spt was developed from the ground up to provide a simple and easy to use framework to identify your weakest links so that you can patch the human vulnerability.

If the project sounds interesting to you, please consider taking a look at it. Demo it (read-only mode), download it and use it yourself. We are looking for all feedback and ideas as we take the next steps on the project. Please feel free to contact us via replies to this thread, or via the contact form on our project web site.

From the http://www.sptoolkit.com/ website: "Researchers sent simulated phishing messages to employees at more than 3,500 small and midsize enterprises (SMEs) and found that recipients at nearly 500 companies, or 15 percent, clicked on a link contained in the message."

(my 2cents) Of the 85% who did not click the link, 80% called the helpdesk to ask whether the message was safe to open and/or whether they should click the link.